anonhaven
Ad

CVE-2025-22225

HIGH CVSS 3.1: 8.2 EPSS 9.98% ACTIVE EXPLOIT
Updated Oct 30, 2025
VMWARE

CISA Known Exploited Vulnerability (KEV)

This vulnerability is actively exploited in the wild. Immediate patching is strongly recommended.

Due Date: Mar 25, 2025

Parameter Value
CVSS 8.2 (HIGH)
Type CWE-123, CWE-787 (Out-of-bounds Write)
Vendor VMWARE
Public PoC Yes

VMware ESXi contains an arbitrary write vulnerability. A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox.

Attack Parameters

Attack Vector
Local
Requires local access
Attack Complexity
Low
Easy to exploit
Privileges Required
High
Admin privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
High
Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-123
CWE-787 Out-of-bounds Write

Vulnerable Products 55

Configuration From (including) Up to (excluding)
Vmware Esxi
cpe:2.3:o:vmware:esxi:7.0:-:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:7.0:beta:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:7.0:update_1:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:7.0:update_1a:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:7.0:update_1b:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:7.0:update_1c:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:7.0:update_1d:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:7.0:update_1e:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:7.0:update_2:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:7.0:update_2a:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:7.0:update_2c:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:7.0:update_2d:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:7.0:update_2e:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:7.0:update_3:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:7.0:update_3c:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:7.0:update_3d:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:7.0:update_3e:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:7.0:update_3f:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:7.0:update_3g:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:7.0:update_3i:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:7.0:update_3j:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:7.0:update_3k:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:7.0:update_3l:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:7.0:update_3m:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:7.0:update_3n:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:7.0:update_3o:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:7.0:update_3p:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:7.0:update_3q:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:7.0:update_3r:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:8.0:-:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:8.0:a:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:8.0:b:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:8.0:c:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:8.0:update_1:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:8.0:update_1a:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:8.0:update_1c:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:8.0:update_1d:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:8.0:update_2:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:8.0:update_2b:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:8.0:update_2c:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:8.0:update_3:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:8.0:update_3b:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:8.0:update_3c:*:*:*:*:*:*
Vmware Cloud_Foundation
cpe:2.3:a:vmware:cloud_foundation:-:*:*:*:*:*:*:*
Vmware Telco_Cloud_Infrastructure
cpe:2.3:a:vmware:telco_cloud_infrastructure:2.2:*:*:*:*:*:*:*
Vmware Telco_Cloud_Infrastructure
cpe:2.3:a:vmware:telco_cloud_infrastructure:2.5:*:*:*:*:*:*:*
Vmware Telco_Cloud_Infrastructure
cpe:2.3:a:vmware:telco_cloud_infrastructure:2.7:*:*:*:*:*:*:*
Vmware Telco_Cloud_Infrastructure
cpe:2.3:a:vmware:telco_cloud_infrastructure:3.0:*:*:*:*:*:*:*
Vmware Telco_Cloud_Platform
cpe:2.3:a:vmware:telco_cloud_platform:2.0:*:*:*:*:*:*:*
Vmware Telco_Cloud_Platform
cpe:2.3:a:vmware:telco_cloud_platform:2.5:*:*:*:*:*:*:*
Vmware Telco_Cloud_Platform
cpe:2.3:a:vmware:telco_cloud_platform:2.7:*:*:*:*:*:*:*
Vmware Telco_Cloud_Platform
cpe:2.3:a:vmware:telco_cloud_platform:3.0:*:*:*:*:*:*:*
Vmware Telco_Cloud_Platform
cpe:2.3:a:vmware:telco_cloud_platform:4.0:*:*:*:*:*:*:*
Vmware Telco_Cloud_Platform
cpe:2.3:a:vmware:telco_cloud_platform:4.0.1:*:*:*:*:*:*:*
Vmware Telco_Cloud_Platform
cpe:2.3:a:vmware:telco_cloud_platform:5.0:*:*:*:*:*:*:*

References 2

https://support.broadcom.com/web/ecx/support-content-notification/-/external/co…
security@vmware.com
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025…
134c704f-9b21-4f2e-91b3-4a467353bcc0
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-22744

VMWARE

7.5

CVE-2026-22743

Spring

7.5

CVE-2026-22742

Spring

8.6

CVE-2026-22738

Spring

9.8

CVE-2025-22226

VMWARE

6.0